COVER: Wire Fraud Strikes Local Real Estate Firms, Home Buyers

About a year ago, Real Estate One’s title insurance company almost lost $1 million from a wire transfer to East European hackers who concocted fake electronic closing documents in an attempt to steal the money.

Fortunately, the scheme was exposed before the money disappeared. But hacking of wire transfers in real estate transactions is escalating, prompting local real estate companies and the Traverse Area Association of Realtors to step up their vigilance.

“It is a big issue,” said Kim Pontius, TAAR’s executive vice president. “There’s been a rash of this lately. The problem is that the world is getting smaller. People are hacking into emails and sending erroneous wire transfer instructions,” trying to capture money wired to close real estate transactions.

Accounts of hacking of corporations, celebrities and politicians are in the news nearly every day. Real estate and title company officials say attention to the problem in their industries has escalated in recent months.

Hackers attempted to steal $3.1 billion in wire transfers across a variety of industries between 2013 and 2016, according to the FBI.

Pontius said wire fraud was a hot topic at the National Association of Realtors convention in November. The cover story on that month’s issue of Michigan Realtor magazine dealt with the explosion of hacking attempts in real estate transaction wire transfers.

“It’s definitely something that’s in our world,” said Deborah Wiley, a Grand Rapids title insurance company executive and president of the Michigan Land Title Association. “We make sure our members are aware of this during our training sessions. It’s definitely been a topic of conversation.”

Real Estate One’s close call and another more recent attempted theft have prompted the company to tighten its procedures involving real estate closing transactions. In the latest incident, a bank involved in the sale of a home became suspicious about a change in wire transfer instructions and stopped what turned out to be a $100,000 fake transfer request.

Hackers are “surfing the internet all the time for key words in emails, like ‘closing’ and ‘wire transfer.’ We’ve taken the approach with every single one of our agents to assume you’ve been hacked in your email,” said Dennis Pearsall, president of Real Estate One Northwest and its franchise divisions. “We belong to a large group of independent brokers across the county and every single one has been hit by this.”

Real Estate One recently enacted a new policy designed to prevent its employees, agents and customers from unwittingly falling into hackers’ traps. The company’s salespeople are now prohibited from passing on closing instructions to real estate buyers or sellers by unencrypted email. Only title companies, using encrypted email, are allowed to do so.

Customers also are required to sign a document that outlines steps they should take to prevent the hacking of closing documents and holds Real Estate One harmless for any loss of wire transfer funds.

The policy has been adopted by TAAR’s board of directors for its member companies, subject to reviews by its documents and bylaws committees, Pontius said.

Here’s how an attempted theft of wire transfer money usually works:

Criminals hack into a real estate agent’s email and monitor activity, including online calendars. When they see that a closing is scheduled, they send the customer an email that appears to be from the agent, giving closing instructions or changing previous instructions.

Hackers duplicate the logos of real estate companies, banks and title companies to make their wire transfer instructions look legitimate, a process known as “spoofing.” Homebuyers who respond to these emailed instructions stand to lose hundreds of thousands of dollars to hackers within minutes. Many of these hackers operate from Eastern Europe, Africa and other foreign countries.

Pearsall said large real estate firms like his are particularly attractive targets because of the high volume of business they conduct.

“We’re big, and we’re a big target,” he said. “The reason this is so serious is that we’re dealing with large amounts of money.”

Statewide, Real Estate One completes about 24,000 real estate sales a year and expects to transact $6 billion in business this year, Pearsall said.

But hackers are attracted to small real estate companies, as well. Experts say smaller firms are tempting targets because their computer systems tend to be less sophisticated than those at larger companies.

“Most agents are independent and their systems are unmanaged, if you will,” said Kevin Bozung, a principal at SafetyNet Inc., an information technology cybersecurity firm in Traverse City. “There’s a lot of decentralized data and weak backups in small real estate firms.”

Pontius said many smaller agencies also lack the financial resources to install sophisticated security software in their computer systems. But he and others say there are a number of things real estate professionals and their customers can do to protect themselves from hack attacks.

Regularly backing up computers can preserve valuable data should a real estate agency suffer a ransomware attack in which a hacker encrypts a company’s data and demands a ransom to remove the encryption.

Bozung said last year his company managed seven such attacks on Michigan clients. Ransomware attacks have become one of the biggest cybersecurity threats faced by corporations, he said.

Pearsall said salespeople should change their passwords at least every 180 days. And before wiring any funds, buyers and sellers should verify wire transfer instructions in person or by “a trusted and independently verified telephone number,” he said.

Emails changing wire transfers instructions at the last minute are probably fraudulent because those instructions are rarely, if ever, changed, Pearsall said.

Unfortunately, wire transfer fraud and other cyber attacks are likely to increase, and real estate companies must be prepared, according to Bozung.

“It’s a big problem and I expect it’s going to get worse this year, not better,” he said.